I have an ASP.NET web application that makes secure calls (BASIC auth) to a .NET web service using credentials supplied via a login form. The problem I have is, how can I keep the user credentials or a reference to the initial web service call so that I do not have to keep passing credentials for each subsequent call? These calls can come from numerous ASP.NET pages after the initial login.

Initially, I setup a Public variable in a module to the web service that was available during the entire user session. I do not think this would work since the variable would get overwritten if another user accessed the form. Since the credentials were already set at login, I no longer had to keep passing credentials for further calls and the reference was available globally. This worked wonderfully, but I do not think a Public var was the correct way to address this. This also made it nice since I did not have to store the credentials.

The only other way I could think to do this is to store the username and password either in a session variable or cookie. Obviously this is NOT a good idea. However, if I did this then I could pull back those users credentials and pass them for every call.

Any ideas would be greatly welcomed!!